On Tue, Oct 08, 2002 at 11:52:27AM -0400, Jason Lixfeld wrote:
> I am sure that's part of it. Also, it might be a CPU issue as well.
Unicast RPF is affordable CPU-wise even in the most mediocre boxes people tend to have.
> In more cases than not, especially nowadays with lots of networks peering all over god's creation, RPF can have some pretty detrimental effects if your routing is somewhat asymmetrical.
A strict rpf can be detrimental in these cases, yes, that is a well known fact. The problem is when people do not apply the safe checks and leak these 1918 space out (as Paul originally pointed out how much traffic he is observing improperly sourced that they can't return).

This is not complicated to enable the "any" check and you will not lose any valid traffic.

I've seen at a public exchange point a significant amount of traffic that has been dropped that came from invalid/unreachable sources:

(sh ip int x/y output)
  IP verify source reachable-via ANY
   707032454 verification drops

	- Jared

-- 
Jared Mauch  | pgp key available via finger from jared@puck.nether.net
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.
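
The difference between the strict check and the "any" check discussed in this message, as an added example that is not part of the original post. The routing table, interface names and packets are constructed, and the table is assumed to hold no default route and no route covering RFC 1918 space.

```python
import ipaddress

# Constructed FIB: (prefix, interface of the best path back to that prefix).
FIB = [
    ("198.51.100.0/24", "peer-A"),
    ("203.0.113.0/24", "peer-B"),
    ("192.0.2.0/24", "transit"),
]

# Constructed packets: (source address, interface the packet arrived on).
PACKETS = [
    ("198.51.100.7", "peer-A"),  # symmetric: return path is the arrival interface
    ("203.0.113.9", "peer-A"),   # asymmetric: best return path is peer-B
    ("10.1.2.3", "peer-A"),      # leaked RFC 1918 source, no route back
    ("192.168.0.5", "peer-B"),   # leaked RFC 1918 source, no route back
]

def lookup(fib, src):
    """Longest-prefix match; returns the return-path interface or None."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, iface in fib:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def urpf_pass(fib, src, in_iface, mode):
    """strict: the route back to src must use the arrival interface.
    any:    any route back to src is sufficient."""
    out = lookup(fib, src)
    if out is None:
        return False          # unreachable source fails in both modes
    return True if mode == "any" else out == in_iface

def count_drops(fib, packets, mode):
    """Number of packets the check would drop (the 'verification drops' counter)."""
    return sum(1 for src, iface in packets if not urpf_pass(fib, src, iface, mode))

if __name__ == "__main__":
    for mode in ("strict", "any"):
        print(mode, "drops:", count_drops(FIB, PACKETS, mode))
```
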